Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api gateway vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2017-3601
Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to com...
Oracle Api Gateway 11.1.2.4.0
7.5
CVSSv3
CVE-2023-32230
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated malicious user to cause a Denial of Service (DoS) situation.
Bosch Monitor Wall
Bosch Videojet Decoder 7513 Firmware
Bosch Videojet Decoder 7523 Firmware
Bosch Video Recording Manager
Bosch Video Streaming Gateway
7.5
CVSSv3
CVE-2023-41259
Best Practical Request Tracker (RT) prior to 4.4.7 and 5.x prior to 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
Bestpractical Request Tracker
7.5
CVSSv3
CVE-2023-41260
Best Practical Request Tracker (RT) prior to 4.4.7 and 5.x prior to 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
Bestpractical Request Tracker
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
7.5
CVSSv3
CVE-2022-26655
Pexip Infinity 27.x prior to 27.3 has Improper Input Validation. The client API allows remote malicious users to trigger a software abort via a gateway call into Teams.
Pexip Pexip Infinity
7.5
CVSSv3
CVE-2022-23443
An improper access control in Fortinet FortiSOAR prior to 7.2.0 allows unauthenticated malicious users to access gateway API data via crafted HTTP GET requests.
Fortinet Fortisoar 6.0.0
Fortinet Fortisoar
7.5
CVSSv3
CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 allows a panic via long scalar input.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
7.5
CVSSv3
CVE-2022-24675
encoding/pem in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Kubernetes Monitoring Operator -
1 Github repository
7.5
CVSSv3
CVE-2022-24921
regexp.Compile in Go prior to 1.16.15 and 1.17.x prior to 1.17.8 allows stack exhaustion via a deeply nested expression.
Golang Go
Netapp Astra Trident -
Debian Debian Linux 9.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »